Vulnerability identifier: #VU17846
Vulnerability risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Local network
Exploit availability: No
Vulnerable software: Firepower 9000 Series (Hardware solutions / Firmware)
Vendor: Cisco Systems, Inc
Description
The vulnerability allows an adjacent attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the field-programmable gate array (FPGA) ingress buffer management, due to a logic error in the FPGA related to the processing of different types of input packets. An adjacent attacker can send a specially crafted sequence of input packets to a specific interface on an affected device, causing a queue wedge condition on that interface. Once the interface is wedged, the affected device stops processing any additional packets received on it.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Firepower 9000 Series: 2.2.200.8
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-firpwr-dos
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.